[Bug 201381] New: Unloading acpi table through configfs causes NULL pointer dereference bug

[bugzilla-daemon]

https://bugzilla.kernel.org/show_bug.cgi?id=201381

            Bug ID: 201381
           Summary: Unloading acpi table through configfs causes NULL
                    pointer dereference bug
           Product: ACPI
           Version: 2.5
    Kernel Version: 4.18
          Hardware: Intel
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Config-Tables
          Assignee: acpi_config-tab...@kernel-bugs.osdl.org
          Reporter: ft...@telfort.nl
        Regression: No

Since 4.13 we have patch 'ACPI: configfs: Unload SSDT on configfs entry
removal' in the kernel.

However when I try to actually unload a table I get a bug check. I have tested
this on Intel Edison Arduino with 4.18 x86_64 using 2 different tables, 1
called arduino, providing I2C/SPI/HSU and a 2nd one called leds, providing a
simple LED connected to a gpio. Result is similar.

FYI Intel Edison has no BIOS and receives ACPI tables in part from U-Boot and
in my case Arduino support through configfs. Loading tables in this fashion
appears to work just as fine as though a cpio, with the potential bonus of
being able to unload them.

ARDUINO
-------
rmdir /sys/kernel/config/acpi/table/arduino/
ACPI: Host-directed Dynamic ACPI Table Unload
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
PGD 0 P4D 0 
Oops: 0000 [#1] SMP PTI
CPU: 1 PID: 7181 Comm: kworker/u4:0 Not tainted 4.18.0-edison-acpi-standard #1
Hardware name: Intel Corporation Merrifield/BODEGA BAY, BIOS 542
2015.01.21:18.19.48
Workqueue: kacpi_hotplug acpi_device_del_work_fn
RIP: 0010:create_of_modalias.isra.1+0x4d/0x150
Code: 44 24 10 00 00 00 00 48 c7 44 24 08 ff ff ff ff 65 48 8b 04 25 28 00 00
00 48 89 44 24 18 31 c0 e8 4a a2 03 00 48 8b 4c 24 10 <0f> b6 01 84 c0 74 27 48
c7 c7 40 13 f4 a2 0f b6 f0 8d 50 20 f6 04 
RSP: 0018:ffff9c51c0c6bc10 EFLAGS: 00010246
RAX: 0000000000001001 RBX: ffff8fa4bb3d4196 RCX: 0000000000000000
RDX: 0000000000001001 RSI: 0000000000000286 RDI: ffff8fa4bd804260
RBP: ffff8fa48ca08210 R08: 0000000000001001 R09: 0000000000000000
R10: ffff8fa48ca08000 R11: ffffffffa305fe3d R12: 0000000000000785
R13: 0000000000000000 R14: ffff8fa4bc698010 R15: ffff8fa4bdad1060
FS:  0000000000000000(0000) GS:ffff8fa4bf300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000000c8de000 CR4: 00000000001006e0
Call Trace:
 ? vsnprintf+0x2b6/0x4b0
 __acpi_device_uevent_modalias+0xde/0x100
 spi_uevent+0xd/0x40
 dev_uevent+0x96/0x2c0
 kobject_uevent_env+0x2e7/0x7f0
 device_release_driver_internal+0x227/0x240
 bus_remove_device+0xe0/0x150
 device_del+0x133/0x350
 ? klist_iter_exit+0x17/0x30
 device_unregister+0x11/0x60
 acpi_spi_notify+0x89/0xa0
 notifier_call_chain+0x42/0x60
 blocking_notifier_call_chain+0x39/0x60
 acpi_device_del_work_fn+0x62/0xb0
 process_one_work+0x1e3/0x3c0
 worker_thread+0x28/0x3c0
 ? set_worker_desc+0xb0/0xb0
 kthread+0x10e/0x130
 ? kthread_create_worker_on_cpu+0x70/0x70
 ret_from_fork+0x35/0x40
Modules linked in: iptable_nat nf_nat_ipv4 nf_nat spi_pxa2xx_platform smsc95xx
pwm_lpss_pci pwm_lpss brcmfmac brcmutil spi_pxa2xx_pci hci_uart btbcm
ti_ads7950 industrialio_triggered_buffer kfifo_buf spidev mmc_block sdhci_pci
cqhci sdhci led_class mmc_core
CR2: 0000000000000000
---[ end trace 77bdc8463ac6088b ]---

LEDS
----
root@edison:~# rmdir /sys/kernel/config/acpi/table/leds/
ACPI: Host-directed Dynamic ACPI Table Unload
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
PGD 0 P4D 0 
Oops: 0000 [#1] SMP PTI
CPU: 1 PID: 4316 Comm: kworker/u4:2 Not tainted 4.18.0-edison-acpi-standard #1
Hardware name: Intel Corporation Merrifield/BODEGA BAY, BIOS 542
2015.01.21:18.19.48
Workqueue: kacpi_hotplug acpi_device_del_work_fn
RIP: 0010:create_of_modalias.isra.1+0x4d/0x150
Code: 44 24 10 00 00 00 00 48 c7 44 24 08 ff ff ff ff 65 48 8b 04 25 28 00 00
00 48 89 44 24 18 31 c0 e8 4a a2 03 00 48 8b 4c 24 10 <0f> b6 01 84 c0 74 27 48
c7 c7 40 13 74 bd 0f b6 f0 8d 50 20 f6 04 
RSP: 0018:ffffaf4800257cf8 EFLAGS: 00010246
RAX: 0000000000001001 RBX: ffff8c403a877176 RCX: 0000000000000000
RDX: 0000000000001001 RSI: 0000000000000296 RDI: ffff8c403d804260
RBP: ffff8c403ae98a10 R08: 0000000000001001 R09: 0000000000000000
R10: ffff8c403ae98800 R11: ffffffffbd85ff0d R12: 00000000000007a5
R13: 0000000000000000 R14: ffff8c403ae98a60 R15: ffff8c403dad1060
FS:  0000000000000000(0000) GS:ffff8c403f300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000003b89c000 CR4: 00000000001006e0
Call Trace:
 __acpi_device_uevent_modalias+0xde/0x100
 dev_uevent+0x96/0x2c0
 kobject_uevent_env+0x2e7/0x7f0
 ? __pm_runtime_disable+0x13/0xc0
 device_del+0x235/0x350
 acpi_device_del_work_fn+0x6a/0xb0
 process_one_work+0x1e3/0x3c0
 worker_thread+0x28/0x3c0
 ? set_worker_desc+0xb0/0xb0
 kthread+0x10e/0x130
 ? kthread_create_worker_on_cpu+0x70/0x70
 ret_from_fork+0x35/0x40
Modules linked in: i2c_dev ledtrig_netdev ledtrig_oneshot ledtrig_timer
leds_gpio ledtrig_heartbeat iptable_nat nf_nat_ipv4 nf_nat spi_pxa2xx_platform
smsc95xx pwm_lpss_pci pwm_lpss brcmfmac brcmutil spi_pxa2xx_pci hci_uart btbcm
ti_ads795>
CR2: 0000000000000000
---[ end trace 09430e0923010718 ]---

I don't know if the Component I selected above is correct or if it should be
Config-Hotplug.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

_______________________________________________
acpi-bugzilla mailing list
acpi-bugzilla@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acpi-bugzilla